Hi,
I am struggling a bit on this setup and not sure if its supported.
I have 2 x MX 85 in a warm spare setup with the shared Virtual IP
2 x MS350
2 x MS250
layer 3 all done on the MX and we have VLANS setup on here (Server VLAN 6 , Desktop VPN VLAN 4, Voice VLAN 3 , Switches / networking VLAN 😎
I had it all working in the past when we had 1 switch stack connected to each MX with he MS doing layer 3.
We want to simplify the Network and have Vlans setup on MX, and removed all VLANS off MS, 2 MS 350 for servers / nas and ESX hosts and the 2 x 250 for users with POE for some phones.
We decided to remove the stacks and make each switch standalone with VIP users having 2 NICS 1 to each switch, as we had issues with Stacks in the past and prefer for simplicity to just have them as standard dumb layer 2. and if 1 breaks, we move users over to the other one, or they have a 2nd NC on the 2nd Switch.
I have managed to get both MX up and all 4 switches, but when I try do a switchover form MX 1 to 2 to test, it all falls over.
Each switch has port 1 going to MX 1 port and Switch port 2 going to HA MX
RSTP Enabled on the uplink ports on switch
STP Guard Disabled
no Cable between MX
no cables between any Switches, only each one to each MX
Switch Port uplinks set as Trunk, native Vlan 8
MX ports to MS - Trunk - Native Vlan 8 ( Also tried with drop untagged traffic) - still no good
Can someone give me some advice on where I am going wrong , what the configs should be as I have read some users like a cable between MX, some use a cable between MS (if this is the case, with 4 what do you do)
And what VLAN should we use for the interconnect cables to MX and MS if thats the way.
I think it will all work if I had 1 switch and 2 MX, but having 4 MS I think I have maybe made it more complicated!
Thanks
When you say it falls over what exactly happens? One or both MXs go unreachable, Switch/Switches go unreachable, something else?
i lost internet access, get an alert to say HA failover, but then its no internet. have to manually restart both MX and then it comes back with primary back as Master,
I wouldn't personally go this way, but let's work with it ...
Nominate two switches to be the core switches. Plug each of the other two switches into both of the core switches. Make one of the core switches the spanning tree root, and the second a standby spanning tree root.
Disable VIP on the MX85s. Connect one MX85 to one core switch and the other to the other core switch. Do not dual connect each MX85. We need to keep this bit of the network loop-free.
I can try this. will report back.
So have the MX in HA with their own public IP and no shared? Would this be more stable?
what would your build look like with 2 x MX 85, 2 x MS350 and 2 x MS250 POE.
I do have stacking cables, but we had issues in the past where the master CPU was causing flapping on the switch at the master and secondary would keep switching over and caused issues with users. it works well when you have a master switch full failure, but when its half failed and reboots and comes back online then has CPU or memory issues etc it makes it hard to troubleshoot.
I though keeping them off a stack, standalone was easy to replace, and easy to have users with 2 NIC on sep switches vs having the swithces in HA.
>So have the MX in HA with their own public IP and no shared?
It allows for them to both go master/master, and for outbound Internet access to still work.